Sharon,

    1) You are correct, this is not done anywhere in the OpenSSL code. You
have to make that check outside of OpenSSL, probably just after the
handshake has completed. The precise check you mention is not really
mandated by SSL. If you want to authenticate the peer you do need to make
sure the identity as presented in the certificate is acceptable. This is
typically exactly the check you mentioned, that the hostname in the
certificate matches the hostname you thought you were connecting to (see
RFC 2818), however there are other possibilities and it is up to the
application developer. I might just be willing to trust anybody whose
certificate chain is rooted at Verisign.

    2) Don't know if this potential problem is an issue for OpenSSL --
although I don't even think it supports any signing-only ciphersuites!
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Sharon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 25, 2001 3:52 AM
Subject: Some question about SSL implementation...


> Hello,
>
> I've tried recently to answer a few questions about SSL and its
> implementation inside OpenSSL, and I failed. Maybe somebody has an idea?
> The questions are:
>
> 1. During certificate verification, I didn't find a place in the code
> where the name in the certificate is checked against the domain name of
> the certificate's sender (usually verification is done for servers only
> by clients, but it doesn't really matter here).
>
> 2. SSL itself has several open issues. One of them is very simple to fix.
> Here it is: if during the handshake you negotiated algorithms for digital
> signature but without encryption (i.e., only hashing), some hacker sitting
> on the net can easily drop ChangeCipherSpec messages from both sides that
> should change SSL state from "pass messages" to "pass signed messages".
> The 'Finished' message, sent just after ChangeCipherSpec, will not change
> (even though it contains a signature of all the handshake till now). So,
> the problem here is that the ChangeCipherSpec message does not belong to
> the Handshake protocol and thus we can't verify that it arrived before the
> 'Finished' message. The solution seems to be very simple (maybe I'm
> wrong?): just turn on some flag when the ChangeCipherSpec message arrives,
> and if it didn't arrive before the 'Finished' message, drop the whole
> connection. Am I right? I know that it's a pretty old problem, so I was
> hoping that maybe there will be a solution to this soon...
> If not, may somebody give me directions on what is the easiest way to fix
> it (what file will be most appropriate for this)?
>
> Best Regards,
>
> Sharon Voskoboynik.
> Spearhead Technologies Ltd.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
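The check discussed in point 1) above has to live in the application, after
SSL_connect() returns. What follows is an added example, not OpenSSL code and
not from either poster, of the RFC 2818 section 3.1 server identity rules in
Python: dNSName subjectAltName entries are the identity when present, the
Common Name is only a fallback, a '*' matches a single label or fragment of
one, and an IP literal must match an iPAddress entry exactly. PeerIdentity,
verify_peer_hostname and the certificate names fed to them are assumptions
constructed for the illustration. (Much later OpenSSL releases grew this in
the library itself: X509_check_host in 1.0.2 and SSL_set1_host in 1.1.0, which
makes the verifier apply the check during the handshake.)

```python
"""RFC 2818 section 3.1 server identity check, run after the handshake.

Added example for the mailing-list discussion above; the names below are
constructed for illustration and are not taken from any real certificate.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PeerIdentity:
    """Names pulled out of the peer's leaf certificate (hypothetical holder type)."""
    common_name: Optional[str] = None            # Subject CN
    dns_names: List[str] = field(default_factory=list)      # subjectAltName dNSName
    ip_addresses: List[str] = field(default_factory=list)   # subjectAltName iPAddress


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against the requested host, per RFC 2818 3.1.

    Comparison is case-insensitive and label by label. A '*' in a pattern
    label matches any single label or a fragment of one, so '*.a.com'
    matches 'foo.a.com' but not 'bar.foo.a.com', and 'f*.com' matches
    'foo.com' but not 'bar.com'.
    """
    plabels = pattern.lower().rstrip(".").split(".")
    hlabels = hostname.lower().rstrip(".").split(".")
    if len(plabels) != len(hlabels) or "" in plabels or "" in hlabels:
        return False
    for p, h in zip(plabels, hlabels):
        if "*" in p:
            # anchored regex built from the label; '*' can never span a dot
            regex = "^" + ".*".join(re.escape(part) for part in p.split("*")) + "$"
            if not re.match(regex, h):
                return False
        elif p != h:
            return False
    return True


def verify_peer_hostname(expected_host: str, ident: PeerIdentity) -> bool:
    """True if the name the client asked for is one the certificate vouches for."""
    try:
        ip = ipaddress.ip_address(expected_host)
    except ValueError:
        ip = None
    if ip is not None:
        # an IP literal must equal an iPAddress SAN; no wildcards, no CN fallback
        matches = []
        for a in ident.ip_addresses:
            try:
                matches.append(ipaddress.ip_address(a) == ip)
            except ValueError:
                matches.append(False)
        return any(matches)
    # dNSName SANs, when present, are the identity; CN is used only if none exist
    if ident.dns_names:
        candidates = ident.dns_names
    elif ident.common_name:
        candidates = [ident.common_name]
    else:
        candidates = []
    return any(_dns_pattern_matches(c, expected_host) for c in candidates)


if __name__ == "__main__":
    # constructed sample identities, as an application would extract them
    # from SSL_get_peer_certificate() once the handshake has completed
    cases = [
        ("foo.a.com", PeerIdentity(dns_names=["*.a.com"])),
        ("bar.foo.a.com", PeerIdentity(dns_names=["*.a.com"])),
        ("www.example.com", PeerIdentity(common_name="www.example.com",
                                         dns_names=["mail.example.com"])),
        ("10.0.0.1", PeerIdentity(ip_addresses=["10.0.0.1"])),
    ]
    for host, ident in cases:
        verdict = "accept" if verify_peer_hostname(host, ident) else "drop connection"
        print(f"{host:18} -> {verdict}")
```

The third case is the one applications most often get wrong: once a
certificate carries any dNSName entries the Common Name no longer counts, so a
certificate for mail.example.com with CN=www.example.com must be rejected when
connecting to www.example.com. The application decides what to do on failure;
the safe default is to shut the connection down before sending any data.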

